TalkTalk denies Wi-Fi password theft

TalkTalk has assured customers that their personal details are not at risk following a warning that Wi-Fi passwords have been stolen.

Last week, thousands of TalkTalk and Post Office broadband customers lost internet access after cyber attackers used a modified version of the Mirai worm cyber bug to target and disrupt broadband routers.

Ken Munro, a security researcher at Pen Test Partners, has since warned that the attackers will be able to obtain the password details of those affected, potentially leaving them open to more targeted hacks.

However, TalkTalk has dismissed the warning, insisting there is no evidence to suggest passwords have been stolen.

"As is widely known, the Mirai worm is affecting many ISPs around the world and it has affected a small number of TalkTalk customers," a spokeswoman told BBC News.

"We continue to take steps to review any potential impacts and have deployed a variety of solutions to ensure customers' routers remain safe.

"We have also employed additional network-level controls to further protect our customers."

People affected by the recent cyber attack were advised to reset their equipment so an update could be installed, before using the wireless network name and password on the back of the router to connect to the internet.

However, Mr Munro insists these people could still be at risk if they continue using the same password.

"Most consumers never change the Wi-Fi keys written on the back of their router, so the fix didn't actually fix the problem," he commented.

"Once an attacker has got the Wi-Fi key, if they go near to the house they can get nearly everything from their home network."

Mr Munro has therefore urged TalkTalk to "seriously consider" replacing customer routers immediately unless it can prove they have not been compromised.

uSwitch Limited is authorised and regulated by the Financial Conduct Authority (FCA) under firm reference number 312850. You can check this on the Financial Services Register by visiting the FCA website.